Worm.SQL.Slammer, W32/SQLSlammer.worm, W32/SQLSlam-A, Win32/SQLSlammer.worm, SQLSLAMMER.A,
Worm/SQL.Slammer.dmp, SQLSlammer.A, Win32:SQLSlammer, SQLSlammer, Win32.Worm.SQL.Slammer.A,
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
24 Jan 2003
The W32.SQLExp.Worm application is classified as a worm that aims to infect systems using MS Desktop Engine 2000 and Microsoft SQL Server 2000 platforms.
W32.SQLExp.Worm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.SQLExp.Worm from your computer.
More details about W32.SQLExp.Worm
When the W32.SQLExp.Worm program hits a vulnerable computer system, it sends itself to the Server Resolution Service of SQL, which listens on UDP port. The worm takes advantages of a buffer overflow vulnerability that enables a portion of computer memory to be overwritten. When the W32.SQLExp.Worm program does this, it opens in the similar security context as the server service of the SQL. The worm calls GetTickCount, API function, and utilizes the outcome as a necessity to randomly produce IP addresses. The Worm opens a socket on the contaminated computer and tries to repetitively send itself to UDP port on the IP addresses it has produced, by making use of an ephemeral source port. Since the worm doesn’t selectively hit the host in the subnet, huge amounts of traffic are the outcome.
The W32.SQLExp.Worm is a worm that aims the systems using Microsoft Desktop Engine (MSDE) 2000and Microsoft SQL Server 2000. The worm spreads 376 kilobytes to UDP port, the SQL port. The W32.SQLExp.Worm has the accidental payload of doing a Denial of Service hit due to the huge number of packets it spreads. Some antivirus software has given a tool to eliminate the infections of this worm. Try different kinds of antivirus, it is the simplest way to eliminate this threat. Because the W32.SQLExp.Worm lives in memory only and isn’t written to disk, the virus definitions don’t identify this threat. Customers are suggested to follow the safety measures to control w/ this threat.